SelfPrompt: Autonomously Evaluating LLM Robustness via Domain-Constrained Knowledge Guidelines and Refined Adversarial Prompts (2412.00765v1)

Abstract: Traditional methods for evaluating the robustness of LLMs often rely on standardized benchmarks, which can escalate costs and limit evaluations across varied domains. This paper introduces a novel framework designed to autonomously evaluate the robustness of LLMs by incorporating refined adversarial prompts and domain-constrained knowledge guidelines in the form of knowledge graphs. Our method systematically generates descriptive sentences from domain-constrained knowledge graph triplets to formulate adversarial prompts, enhancing the relevance and challenge of the evaluation. These prompts, generated by the LLM itself and tailored to evaluate its own robustness, undergo a rigorous filtering and refinement process, ensuring that only those with high textual fluency and semantic fidelity are used. This self-evaluation mechanism allows the LLM to evaluate its robustness without the need for external benchmarks. We assess the effectiveness of our framework through extensive testing on both proprietary models like ChatGPT and open-source models such as Llama-3.1, Phi-3, and Mistral. Results confirm that our approach not only reduces dependency on conventional data but also provides a targeted and efficient means of evaluating LLM robustness in constrained domains.

Evaluation of LLM Robustness Using Self-Generated Adversarial Prompts

The paper presents a framework called SelfPrompt, which aims to autonomously assess the robustness of LLMs against adversarial prompts, without the reliance on external benchmark datasets. This method incorporates adversarial prompt generation using domain-constrained knowledge guidelines derived from structured knowledge graphs. The focus is to strategically employ LLMs themselves to generate, evaluate, and refine adversarial prompts, rendering an intrinsic self-evaluation approach to assess their robustness across varied domains.

Framework Overview

SelfPrompt is structured around a few core components:

1. Triplet Processing and Original Prompt Generation:
   • The method begins with the decomposition of domain-constrained knowledge graphs into triplets, which subsequently undergo labeling to reflect correctness, subject errors, or predicate errors.
   • These triplets are then formulated into coherent descriptive sentences, either using template-guided strategies or the LLM itself, transitioning the structured data into original prompts.
2. Adversarial Prompt Generation:
   • The original prompts serve as seed data for creating adversarial prompts. The objective is to syntactically alter these prompts to preserve original semantics while introducing modifications that challenge the LLM's understanding, thereby testing its robustness.
   • An optional few-shot learning approach is employed to further enhance this process, leveraging examples to fine-tune the generation of high-quality adversarial prompts.
3. Filter Module:
   • To ensure quality and consistency, the framework implements a filtering module. This module scrutinizes the adversarial prompts based on text fluency and semantic fidelity, enforcing standards that are crucial for meaningful robustness evaluation.
4. Robustness Metrics:
   • The robustness of a model is evaluated using a metric based on the model's performance on original versus adversarial prompts, quantifying its resilience to adversarial attacks.

Key Findings

The SelfPrompt framework was empirically tested using various LLMs, including proprietary and open-source models like ChatGPT and Llama. The models were evaluated against datasets spanning general and constrained domains, such as T-REx for general knowledge and UMLS for medical concepts.

Results:

• Larger-scale models generally exhibit stronger robustness in general domains, consistent with the expectation that increased model parameters correlate with enhanced performance metrics.
• However, results diverge when evaluated within constrained domains, highlighting the necessity of domain-specific robustness evaluations.
• The framework demonstrates efficiency in discerning the disparity in model robustness across domains, which underscores its potential for targeted applications in critical sectors requiring high-performing LLMs.

Implications and Future Directions

The introduction of an autonomous evaluation framework like SelfPrompt broadens the evaluative capabilities for LLM robustness, especially in specialized fields. The framework underlines the importance of domain specificity, promoting a tailored approach to application and evaluation of LLMs across different knowledge-based landscapes.

Practically, this approach offers a cost-effective alternative to traditional adversarial testing methods, reducing dependency on extensive manual handling inherent in benchmark datasets like Adversarial GLUE. The self-evaluating aspect presents a streamlined methodology, potentially applicative to a wider array of LLM configurations and purposes.

Future Exploration:

• Further developments could involve expanding the types of tasks beyond classification—such as incorporating tasks like short answer questions or true/false assessments—to enrich robustness testing scenarios.
• Integrating more adaptive prompt generation techniques and extending the framework to other domains where knowledge graph availability is sparse, could enhance the model’s utility and robustness comprehensiveness.

Overall, SelfPrompt marks a significant methodological consideration for refined LLM robustness evaluation, offering an adaptable framework for the continual deployment of robust AI systems in diverse real-world applications.